Barber’s Privacy Policy, Cookie Statement & GDPR

PRivacy Notice

This Privacy Notice tells you what to expect in relation to ‘Personal Data’ (or ‘personal information’)
about you, which is collected, handled, processed and stored by us. The processing of Personal Data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).
In summary, what is the GDPR and our Data Privacy Policy all about?
The law requires that eight data protection principles are followed in the handling of personal data.
These are that personal data must be:

1. Fairly, transparently and lawfully processed.
2. Obtained and processed for limited purposes and not in any manner incompatible with those purposes.
3. Adequate, relevant and limited to only data that is necessary to perform the purpose for which it was obtained.
4. Accurate and up to date.
5. Not kept for longer than is necessary.
6. Processed in accordance with the data subject’s rights.
7. Secure.
8. Not transferred outside of the EEA or between countries without adequate protection.

We are committed to following these principles and will be open and transparent about the purposes for which we will use your data.

Who are we?

Barbers is the data controller, this means it decides how your personal data is collected, handled, processed and stored, and for what purposes. If any of your personal information changes, you believe that any of the information we hold is incorrect or you have any queries with regard to your personal information or our data protection policies and procedures, then please contact us at
dataprotection@barbers.co.uk

What is Personal Data?

‘Personal Data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is anyone who can be identified, directly or indirectly from that data. Identification can be by the information alone or in combination with other information that is within our possession, control or from other information to which we legally have access to.

What is the legal basis for processing your Personal Data?

All Personal Data that we process, will be in accordance with one or more of the following legal basis’:

• Consent from the individual (or someone authorised to consent on their behalf).
• Where it is necessary in connection with a contract between us and an individual or an individual that is authorised to represent a non-natural person with whom we have a contractual relationship.
• Where it is necessary because of a legal obligation – if the law says you must, you must.
• Where it is necessary in an emergency, to protect an individual’s ‘vital interests’.
• Where it involves the exercise of a public function – i.e. most activities of most government, local government and other public bodies.
• Where it is necessary in our legitimate interests, as long as these are not outweighed by the interests of the individual.

How do we protect your Personal Data?

Barbers aim to protect your Personal Data, and complies with its obligations under the GDPR, by:

• keeping Personal Data up to date;
• only storing information in secure locations;
• destroying information that is no longer relevant;
• not collecting or retaining unnecessary or excessive amounts of data;
• protecting Personal Data from loss, misuse, unauthorised access and disclosure;
• ensuring that appropriate technical measures are in place to protect Personal Data.
• ensuring that we undertake suitable due diligence checks on 3rd parties who have a legal basis for Processing Personal Data.

Please note that we have a legal obligation under GDPR, that we must notify any data breach to the controller without undue delay. Barbers therefore has processes and procedures in place for identifying, reviewing and promptly reporting data breaches to the relevant controller.

What do we use your Personal Information for?

We use Personal Data to:

• fulfil our contractual obligations to businesses or individuals, for goods and services that have been requested/provided;
• verify identity, which may include natural persons where a contractual relationship is proposed or exists, in order to assess credit and other commercial risks to our business.
• provide you with information, news, events and activities that is relevant to the goods or services
• that we are contractually providing to you or consuming from you;
• provide you with news, events and activities, for which you have consented to us to do so (please see ‘Marketing Consent’ section below)

Who else has access to your Personal Data?

‘Barbers’ is a trading name of AJ And RG Barber Limited, AJ & RG Barber (Sales) Ltd. To ensure that our business operates in an efficient and complaint manner, our businesses share internal systems, controls and management, therefore Personal Data provided to one of our businesses may be processed by another, either as part of providing you/providing us with goods and services for which we have a contractual obligation or in order to manage our own business (the latter supports our ‘legitimate interests’ as a business)

In order to provide you/us with the goods and services that we/you have agreed to provide, there are a number of 3rd parties who may need to process your Personal Data:

• Licensed credit reference agencies
• Product and service providers whom we may be contractually obligated to engage with on you r behalf
• Insurance providers and intermediaries that are engaged to mitigate risks to our business.
• Other 3rd parties, based upon our ‘legitimate interests’ as a business, examples may include, data centres that securely store your information, Banks that require relevant personal data in order to fulfil, on our behalf, our obligations to you.
• Any statutory, governmental or regulatory body that requests Personal Data and that we are obliged by Law or regulation, to provide.
• 3rd party Institutions which you may have entered into a contract with, whilst in the course of your engagement with Barbers. You should be aware that the 3rd party will become the ‘data controller’ of any of the Personal Data that is provided to them either by you or by us, with your consent, however if your engagement with Barbers were to end, this would not end your engagement with the 3rd party.

Further processing?

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

We keep your personal data for no longer than reasonably necessary, however there are circumstances when we may retain Personal Data for a longer period:

• where we have a statutory or regulatory obligation to retain the Personal Data;
• to ensure that our business is properly run in an efficient and compliant manner

Unless subject to an exemption under the GDPR, you have the following rights in respect to your Personal Data:

• to request a copy of your personal data which we hold about you (Access);
• to request that we correct any personal data if it is found to be inaccurate or out of date (Recification);
• to request your personal data is erased, unless there is a legitimate reason for us not to comply (we
• will always provide you with more details about your Rights in our response to your request) (Erasure ‘Right to be forgotten’);
• to transmit that data directly to another data controller, (Portability);
• to lodge a complaint with the Information Commissioners Office.

If you wish to exercise any of your rights, please see our ‘Contact Details’ section below.
Special Categories or ‘Sensitive’ Data.

If you visit any of our food production facilities, we may require you to provide us with certain special categories of information that are treated in law as being particularly sensitive (e.g. information relating to your health). We will ask that you agree to us processing any Sensitive Personal Information that you provide to us in accordance with this policy. Tthis sensitive personal data will be required to:

• ensure that food safety obligations, laws and regulations are fulfilled e.g. to ensure that food products are not contaminated if you are in close proximity to food production areas after suffering from a relevant illness, disease, infection and/or having previously been in an ‘high risk’ environment or geographical location.